AMENDMENTS TO THE CLAIMS

Pursuant to 37 C.F.R. § 1.121 the following listing of claims will replace all prior versions, and 
listings, of claims in the application. 

Listing of Claims: 

1. (Currently Amended) A method for a roaming user to establish a security association with an
application server in a visited network, wherein the roaming user has completed a mutual
authentication with a Bootstrapping Server Function (BSF) that performs user identity initial
verification in a generic authentication architecture in his home network, and obtained a
Bootstrapping Transaction Identifier (B-TID) assigned to him by the BSF, comprising the steps of:

the application server in the visited network receiving a service request message, by the
application server in the visited network, from the roaming user, said service request message
containing a Bootstrapping-Transaction Identifier (B-TID), the B-TID being assigned to the
roaming user by a Bootstrapping Server Function (BSF) based upon a mutual authentication of the
roaming user with the BSF that performs user identity initial verification in a generic authentication
architecture in a home network of the roaming user;

the application server in the visited network inquiring from an authentication entity in the 
visited network about the roaming user's user information associated with the B-TID, the user 
information comprising user authentication results of the generic authentication architecture in the 
roaming user's home network; 

the authentication entity finding out the home network to which the user belongs according to 
the B-TID; 

the authentication entity acquiring the user information associated with the B-TID from the 
BSF in the roaming user's home network, and returning the acquired user information to the 
application server; the B-TID;

the application server in the visited network obtaining, by the application server in the visited
network, the roaming user's user information comprising the user authentication results of the
generic authentication architecture in the roaming user's home network, wherein the user
information is associated with the B-TID; and

the application server in the visited network establishing a security association with the
roaming user, by the application server in the visited network, according to the user authentication
results of the generic authentication architecture in the roaming user's home network.

2. (Cancelled) 

3. (Currently Amended) The method according to Claim 21, wherein the authentication entity 
in the visited network is a BSF or a generic authentication architecture proxy in the visited network; 

the step of the BSF or the generic authentication architecture proxy in the visited network 
acquiring the user information associated with the B-TID from the roaming user's home network 
comprises: 

the BSF or the generic authentication architecture proxy in the visited network directly sending 
a query message to the BSF in the roaming user's home network, inquiring about the user 
information associated with the B-TID; and obtaining the user information associated with the
B-TID from the response message returned by the BSF in the roaming user's home network.

4. (Currently Amended) The method according to Claim 3, wherein the generic authentication
architecture proxy in the visited network is an independent server, or a server combined with an
authentication, authorization and accounting (AAA) server in the local network, or a server
combined with the application server in the local network.

5. (Currently Amended) The method according to Claim 21, wherein, the authentication entity
in the visited network is an authentication, authorization and accounting (AAA) server in
the visited network;

the step of the AAA server in the visited network acquiring the user information associated 
with the B-TID from the BSF in the roaming user's home network comprises: 

the AAA server in the visited network sending a query message to the AAA server in the
roaming user's home network, inquiring the information associated with the B-TID;

the AAA server in the home network inquiring the BSF in the local network, after the BSF in 
the local network finding the user information associated with the B-TID, it returning a response 
message, with the user information associated with the B-TID in it, to the local AAA server, and the 
AAA server returning a response message, with the user information associated with the B-TID in 
it, to the AAA server in the visited network; and 

the AAA server in the visited network obtaining the user information associated with the
B-TID from the response message returned by the AAA server in the roaming user's home network.

6. (Cancelled) 

7. (Original) The method according to Claim 1, wherein the user information comprises at 
least: key information and the user's identity. 

8. (Cancelled) 

9. (Cancelled) 

10. (Original) The method according to Claim 7, wherein the user information also comprises 
the profile information associated with security. 

11. (Cancelled) 

12. (Cancelled) 

13. (Original) The method according to Claim 7, wherein the key information is a shared key 
Ks generated in authentication, or a Ks-derived key and its valid term. 

14. (Cancelled) 

15. (Cancelled) 

16. (New) An application server in a communication network comprising a home network and
a visited network of a roaming user, comprising: 

circuitry adapted for receiving a service request message from the roaming user containing a 
Bootstrapping-Transaction Identifier (B-TID), the B-TID being assigned to the roaming user by a 
Bootstrapping Server Function (BSF) based upon a mutual authentication of the roaming user with 
the BSF that performs user identity initial verification in a generic authentication architecture in the 
home network of the roaming user; 

circuitry adapted for inquiring from an authentication entity about an authentication in the 
visited network to obtain the roaming user's user information associated with the B-TID; the 
roaming user's user information comprising user authentication results of the generic authentication 
architecture in the roaming user's home network; 

circuitry adapted for obtaining the roaming user's user information from the authentication 
entity after the authentication entity finds out the home network to which the user belongs according 
to the B-TID and acquires the user information associated with the B-TID from the BSF in the
roaming user's home network; and 

circuitry adapted for establishing a security association with the roaming user according to the 
user authentication results of the generic authentication architecture in the roaming user's home 
network. 

17. (New) The application server according to Claim 16, wherein the user information
comprises at least: key information and the user's identity.

18. (New) A system, comprising an application server according to any of claims 16-17, 
wherein the application server is connected with the authentication entity, and the authentication 
entity comprises circuitry adapted for finding out a user's home network entity. 

19. (New) The system according to Claim 18, wherein the authentication entity further 
comprises circuitry for communicating with a BSF. 
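
The message flow recited in claims 1, 3, 7 and 13, as an added illustration in Python that is not part of the filed claims. It assumes the B-TID has the form identifier@home-BSF-domain (the format used in 3GPP GBA; the claims only say the home network is found "according to the B-TID"). The class names, the nonce/HMAC proof of key possession and all sample values are hypothetical.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

@dataclass
class UserInfo:
    identity: str      # the user's identity (claim 7)
    ks: bytes          # shared key Ks or a Ks-derived key (claim 13)
    expires_at: float  # valid term of the key (claim 13)

class HomeBSF:
    """Home-network BSF: holds the bootstrapping result for each B-TID it issued."""
    def __init__(self, realm):
        self.realm = realm
        self.sessions = {}  # B-TID -> UserInfo

class VisitedAuthEntity:
    """Visited BSF or GAA proxy: finds the home network from the B-TID, then queries it."""
    def __init__(self, home_bsfs):
        self.routes = {bsf.realm.lower(): bsf for bsf in home_bsfs}

    def resolve(self, b_tid):
        local, sep, realm = b_tid.rpartition("@")
        if not (sep and local and realm):
            raise ValueError("B-TID carries no home realm")
        bsf = self.routes.get(realm.lower())
        if bsf is None:
            raise LookupError("no roaming route to " + realm)
        info = bsf.sessions.get(b_tid)
        if info is None:
            raise LookupError("home BSF does not know this B-TID")
        return info

class VisitedApplicationServer:
    def __init__(self, auth_entity, clock=time.time):
        self.auth_entity, self.clock = auth_entity, clock

    def establish_sa(self, b_tid, nonce, proof):
        """Return the authenticated identity, or raise if the association is refused."""
        info = self.auth_entity.resolve(b_tid)
        if info.expires_at <= self.clock():
            raise PermissionError("bootstrapped key has expired")
        expected = hmac.new(info.ks, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):  # hypothetical key-possession check
            raise PermissionError("user does not hold the bootstrapped key")
        return info.identity
```

The application server refuses the association when the B-TID names no reachable home realm, when the home BSF has no record of it, or when the returned key is past its valid term.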